China’s new cybersecurity law may have passed three months ago, but 75% of legal technology professionals aren’t even familiar with it.
Those statistics come from a survey conducted by global legal consulting firm Consilio, which surveyed 118 legal tech professionals at a conference in New York last month.
The new law, which be enforced from June 2017, will require all organisations doing business in China to localise their data in the country. This includes data that may contain sensitive information or state secrets.
The survey found that only 14% of respondents are ‘very concerned’ about the new law.
Those organisations that don’t comply will be liable for financial penalties, including a ban from conducting business in Mainland China, or even criminal penalties, imprisonment and the death penalty for extreme cases.
57% of respondents said that in the last two years, they had at least one legal matter such as government or internal investigations, litigation or M&A which had ‘touched’ China in some way.
27% said they knew of at least legal matters involving China and their own organisations in the last two years. 8% had between five and nine matters; 22% had between one and four matters; and 25% said they had none.
“China is now the world’s second largest economy, and for global corporations and those that aspire to be global, it is critical for them to have a full understanding of the data requirements and regulatory landscape of that region,” says Dan Whitaker, Consilio China’s managing director.
“Since 2012, cyber walls have been going up in multiple regions around the world, and as countries continue to create new regulations, organizations must continually educate themselves on the quickly evolving nuances of data privacy laws in every jurisdiction, specifically as it relates to the ability to move data in and out of the countries in question,” he explains.
24% of respondents said they were ‘somewhat familiar’ with the new law, while only 2% said they were ‘very familiar’ with it.
Despite the unfamiliarity with specifics, 52% respondents said they have at between 1-25 legal resources and/or people dedicated to international data privacy regulations and compliance. 14% have no individuals assigned.